/*
* firewall3 - 3rd OpenWrt UCI firewall implementation
*
- * Copyright (C) 2013 Jo-Philipp Wich <jow@openwrt.org>
+ * Copyright (C) 2013 Jo-Philipp Wich <jo@mein.io>
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
{ FW3_FAMILY_##f, FW3_TABLE_##tbl, FW3_FLAG_##def, fmt }
static const struct fw3_chain_spec default_chains[] = {
- //C(ANY, FILTER, UNSPEC, "delegate_input"),
- //C(ANY, FILTER, UNSPEC, "delegate_output"),
- //C(ANY, FILTER, UNSPEC, "delegate_forward"),
C(ANY, FILTER, UNSPEC, "reject"),
C(ANY, FILTER, CUSTOM_CHAINS, "input_rule"),
C(ANY, FILTER, CUSTOM_CHAINS, "output_rule"),
C(ANY, FILTER, CUSTOM_CHAINS, "forwarding_rule"),
C(ANY, FILTER, SYN_FLOOD, "syn_flood"),
- //C(V4, NAT, UNSPEC, "delegate_prerouting"),
- //C(V4, NAT, UNSPEC, "delegate_postrouting"),
C(V4, NAT, CUSTOM_CHAINS, "prerouting_rule"),
C(V4, NAT, CUSTOM_CHAINS, "postrouting_rule"),
- //C(ANY, MANGLE, UNSPEC, "mssfix"),
- //C(ANY, MANGLE, UNSPEC, "fwmark"),
-
- //C(ANY, RAW, UNSPEC, "delegate_notrack"),
-
{ }
};
defs->tcp_syncookies = true;
defs->tcp_window_scaling = true;
defs->custom_chains = true;
+ defs->drop_invalid = true;
uci_foreach_element(&p->sections, e)
{
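Review bot: The added `defs->drop_invalid = true;` flips a packet-filtering default without any comment, so a configuration that never sets `drop_invalid` will presumably start dropping packets that conntrack classifies as INVALID once this lands. That tightens the default policy, but dropping INVALID traffic is also known to break setups with asymmetric routing or lost conntrack state, so the rationale should be visible to whoever debugs such a regression. I would add a comment above the line, e.g. `/* default-on: drop conntrack INVALID packets; an explicit drop_invalid '0' in the defaults section opts out */`, and mention the behaviour change in the commit message. The option parsing inside the `uci_foreach_element` loop and the rule generation that reads this flag are outside the hunk, so it is worth confirming there that an explicit `0` in the config still overrides the new default.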
set(defs->flags, handle->family, handle->table);
}
-
-struct toplevel_rule {
- enum fw3_table table;
- const char *chain;
- const char *target;
-};
-
void
fw3_print_default_head_rules(struct fw3_ipt_handle *handle,
struct fw3_state *state, bool reload)
struct fw3_device lodev = { .set = true };
struct fw3_protocol tcp = { .protocol = 6 };
struct fw3_ipt_rule *r;
- //struct toplevel_rule *tr;
const char *chains[] = {
"INPUT", "input",
"FORWARD", "forwarding",
};
- //struct toplevel_rule rules[] = {
- // { FW3_TABLE_FILTER, "INPUT", "delegate_input" },
- // { FW3_TABLE_FILTER, "OUTPUT", "delegate_output" },
- // { FW3_TABLE_FILTER, "FORWARD", "delegate_forward" },
- //
- // { FW3_TABLE_NAT, "PREROUTING", "delegate_prerouting" },
- // { FW3_TABLE_NAT, "POSTROUTING", "delegate_postrouting" },
- //
- // { FW3_TABLE_MANGLE, "FORWARD", "mssfix" },
- // { FW3_TABLE_MANGLE, "PREROUTING", "fwmark" },
- //
- // { FW3_TABLE_RAW, "PREROUTING", "delegate_notrack" },
- //
- // { 0, NULL },
- //};
- //
- //for (tr = rules; tr->chain; tr++)
- //{
- // if (tr->table != handle->table)
- // continue;
- //
- // r = fw3_ipt_rule_new(handle);
- // fw3_ipt_rule_target(r, tr->target);
- // fw3_ipt_rule_replace(r, tr->chain);
- //}
-
switch (handle->table)
{
case FW3_TABLE_FILTER: